eEvidence — Digital Trust Platform

The challenge

eEvidence, with over 20 years of experience in digital trust, needed to evolve its application ecosystem for generating legally valid electronic evidence. The challenge: modernize a platform that must comply with strict international legal standards while offering a simple and intuitive user experience.

Our solution

We collaborated with eEvidence on the development of their digital trust platform, working with React on the frontend and Node.js on the backend to create a robust and scalable application ecosystem that complies with the most demanding international regulations.

System architecture

What we built

• Certified email with eIDAS (EU) compliance that generates legally admissible proof
• Electronic signature with 4 trust layers for maximum legal security
• Registered SMS with delivery evidence and certified content
• Management dashboard to administer all certified communications
• Integration API to connect with existing enterprise systems

Architecture decisions

eEvidence’s architecture is designed with security and immutability as fundamental principles:

• Strict layer separation: the React frontend never directly accesses the evidence layer. All communication passes through the Node.js API that acts as guardian of legal business rules
• Event sourcing for evidence: every action affecting a certified communication is recorded as an immutable event, creating a verifiable digital chain of custody
• Stateless API: Node.js services are stateless, enabling horizontal scaling without compromising evidence consistency

Security and regulatory compliance

This is a project where security is not just another requirement, but the product itself:

• Time stamping (TSA): each piece of evidence is sealed with a qualified time stamping authority, guaranteeing proof of existence at a specific moment
• End-to-end encryption: certified communications are encrypted in transit and at rest
• X.509 certificates: party identity is verified through public key infrastructure
• Digital chain of custody: from creation to court presentation, every step is recorded and immutable
• Legal retention: data is stored for the legally required period with integrity guarantee

API design

eEvidence’s RESTful API is designed to integrate with any enterprise system:

• Endpoints by evidence type: certified email, electronic signature and registered SMS have their own resources with clear semantics
• Status webhooks: integrated systems receive real-time notifications when a communication changes state (sent, delivered, opened, certified)
• OAuth 2.0 authentication: secure access for third-party integrations
• Rate limiting and quotas: protection against misuse without affecting legitimate production flows

Regulatory compliance

The platform complies with the most demanding standards worldwide:

• eIDAS (EU): European regulation on electronic identification and trust services
• ESIGN / UETA (US): US electronic signature legislation
• GDPR: personal data protection in all certified communications
• Favorable case law: over 20 years of evidence admitted in courts across multiple jurisdictions

Results

• The platform enables companies worldwide to generate legally valid electronic evidence
• Verified regulatory compliance in the European Union and United States
• Over 20 years of continuous operation with evidence admitted in courts
• The 4 trust layers in electronic signature provide the highest level of legal security
• High service availability: certified communications are critical and cannot tolerate downtime
• API used by companies to automate certified communication delivery at scale

Key technical decisions

Tech stack

• React (frontend)
• Node.js (backend)
• Digital certification infrastructure (TSA, X.509)
• RESTful APIs with OAuth 2.0
• Event sourcing for immutability
• End-to-end encryption
• eIDAS / ESIGN / UETA / GDPR compliance